Proposed F19 Feature: Package Signature Checking During Installation

Björn Persson bjorn at xn--rombobjrn-67a.se
Tue Jan 8 16:46:04 UTC 2013


> One long-standing problem in Fedora is that we don't check package signatures
> during installation.
[...]
> Following the implementation of Features/SecureBoot, we can extend the Secure
> Boot keys as a root of trust provided by the hardware against which we can
> verify a signature on our key files, thus guaranteeing that they're from the
> same source as the boot media. 

It's great that someone is finally trying to do something about bug 998,
but what's the plan for computers without Secure Boot? Will Anaconda
disable all signature checking if Secure Boot is disabled or
unavailable, or will it check as much as it can?

In my opinion, if Anaconda finds that it was booted without Secure
Boot, then it should assume that the user has verified the checksum on
the installation image and that the keys therein are therefore trusted,
and use those keys to verify any packages it downloads.

It's enough to verify downloaded packages in that case. Packages
included on the boot medium don't need to be checked if the boot medium
is trusted, but of course it doesn't hurt to verify those too if it's
easier to program that way.

Björn Persson